DISA updates draft cloud security guidelines

DISA updates draft cloud security guidelines

As the Department of Defense looks to move more resources to the cloud, the Defense Information Systems Agency has updated its draft guidance on cloud security.

The first of three revised documents is an updated version of the Department of Defense Cloud Computing Security Requirements Guide, which “outlines the security model by which DOD will leverage cloud computing along with the security controls and additional requirements necessary for using cloud-based solutions.”

The next document, a cloud access point (CAP) functional requirements document, identifies the security, network and performance considerations for protecting the Department of Defense Information Network where it meets the cloud service environment. CAPs are designed to detect and prevent an attack before it reaches the DODIN and to provide perimeter defenses and sensing for applications hosted in the commercial cloud service. 

The third document, a draft concept of operations, defines procedures for the organizations that will defend DODIN in the cloud.

All three drafts are available for community review; comments are due by Aug. 22.  

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected